
What kind of hashing does Umbraco use in its membership provider?


I need to move users off of Umbraco to another CMS and all their passwords are hashed. I'd like to prevent users from resetting their passwords and would like to implement the same hashing algorithm in the new CMS.

What hashing type does Umbraco use in its membership provider?

For example:

"W477AMlLwwJQeAGlPZKiEILr8TA=" is the hash of "test"

I cannot use .NET and will have to re-implement this hashing in JavaScript.

UPDATED WITH ANSWER:

//not sure why I can't use cryptojs's utf16LE function
//words = CryptoJS.enc.Utf16LE.parse("test");
//utf16 = CryptoJS.enc.Utf16LE.stringify("test");

function str2rstr_utf16le(input) {
  var output = [],
      i = 0,
      l = input.length;

  for (; l > i; ++i) {
    output[i] = String.fromCharCode(
      input.charCodeAt(i)        & 0xFF,
      (input.charCodeAt(i) >>> 8) & 0xFF
    );
  }

  return output.join('');
}

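// Latin1.parse keeps each character as one raw byte. Passing the plain string
// would make CryptoJS re-encode it as UTF-8 and alter bytes >= 0x80, which
// breaks the hash for non-ASCII passwords.
var pwd = CryptoJS.enc.Latin1.parse(str2rstr_utf16le("test"));
// The password bytes are used as both the HMAC message and the HMAC key.
var hash = CryptoJS.HmacSHA1(pwd, pwd);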

var encodedPassword = CryptoJS.enc.Base64.stringify(hash);
alert(encodedPassword);

Solution

  • To be more specific, it uses this particular class to hash the password. This should serve as a simple implementation example.

    Like Martijn pointed out, though, Umbraco uses the standard provider model. As such, you can both access it easily via the abstract classes, and create your own implementation of a membership provider.
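
A Node.js version of the scheme the question's code implements, as an added example (not Umbraco's code and not from the original post). It uses the built-in crypto module, compares in constant time, and re-hashes with scrypt after a successful legacy check so the unsalted hash can be retired. The function names and the returned record format are assumptions of this example.

```javascript
// Added example, not Umbraco's code. Assumes Node.js and the legacy scheme
// shown on this page: HMAC-SHA1 keyed with the password's own UTF-16LE bytes.
const crypto = require('crypto');

// Vector quoted in the question: the stored hash of "test".
const SAMPLE_HASH = 'W477AMlLwwJQeAGlPZKiEILr8TA=';

// Base64(HMAC-SHA1(key = password bytes, message = password bytes)).
function legacyUmbracoHash(password) {
  // 'utf16le' yields the same bytes as the page's str2rstr_utf16le helper,
  // including for non-ASCII characters.
  const bytes = Buffer.from(password, 'utf16le');
  return crypto.createHmac('sha1', bytes).update(bytes).digest('base64');
}

// Check a login attempt against a stored legacy hash without revealing
// through timing how many leading bytes matched.
function verifyLegacyUmbracoHash(password, storedBase64) {
  if (typeof password !== 'string' || typeof storedBase64 !== 'string') return false;
  const stored = Buffer.from(storedBase64, 'base64');
  if (stored.length !== 20) return false; // a SHA-1 digest is always 20 bytes
  const computed = Buffer.from(legacyUmbracoHash(password), 'base64');
  return crypto.timingSafeEqual(computed, stored);
}

// On a successful legacy login, produce a salted scrypt record to store in
// place of the legacy hash. The record layout is hypothetical.
function loginAndUpgrade(password, storedLegacyBase64) {
  if (!verifyLegacyUmbracoHash(password, storedLegacyBase64)) return null;
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, 32);
  return {
    scheme: 'scrypt',
    salt: salt.toString('base64'),
    hash: key.toString('base64'),
  };
}
```

Because the legacy hash has no per-user salt, identical passwords produce identical stored values; replacing each record at first login removes that property without forcing a reset.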